﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web;
using System.Web.Http;
using System.Web.Security;
using Tebbee.UI.Client.AccountSer;

namespace Tebbee.UI.Client.Controllers
{
    public class AccountController : ApiController
    {
        private readonly AccountSerClient db = new AccountSerClient();

        /// <summary>
        /// Login method help login to system
        /// </summary>
        /// <param name="mem">recieve username and password</param>
        /// <returns>HttpResponseMessage</returns>
        public HttpResponseMessage Login(MemberFull mem)
        {
            if (ModelState.IsValid)
            {
                string msg = "Tên Đăng Nhập Hoặc Mật Khẩu Không Đúng";
                string role = "";
                bool isLogin = db.Login(out role, mem.UserName, mem.Password);
                if (isLogin)
                {
                    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(

                    1, // Ticket version

                    mem.UserName, // Username to be associated with this ticket

                    DateTime.Now, // Date/time ticket was issued

                    DateTime.Now.AddMinutes(50), // Date and time the cookie will expire

                    false, // if user has chcked rememebr me then create persistent cookie

                    role, // store the user data, in this case roles of the user

                    FormsAuthentication.FormsCookiePath); // Cookie path specified in the web.config file in <Forms> tag if any.

                    // To give more security it is suggested to hash it

                    string hashCookies = FormsAuthentication.Encrypt(ticket);

                    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashCookies); // Hashed ticket

                    // Add the cookie to the response, user browser

                    HttpContext.Current.Response.Cookies.Add(cookie);

                    return Request.CreateResponse(HttpStatusCode.OK, mem);
                }
                else
                {
                    HttpError err = new HttpError();
                    err.Message = msg;
                    return Request.CreateErrorResponse(HttpStatusCode.BadRequest, err);
                }
            }
            else
            {
                return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
            }
        }

        /// <summary>
        /// Logout system
        /// </summary>
        /// <returns>HttpResponseMessage</returns>
        public HttpResponseMessage Logout()
        {
            FormsAuthentication.SignOut();
            return Request.CreateResponse(HttpStatusCode.OK);
        }

        /// <summary>
        /// Change password of user
        /// </summary>
        /// <param name="user">recieve old password and new password</param>
        /// <returns>HttpResponseMessage</returns>
        public HttpResponseMessage ChangePass(ChangePassModel user)
        {
            string mgs = "";
            if (ModelState.IsValid)
            {
                user.UserName = HttpContext.Current.User.Identity.Name;
                bool isChange = db.ChangePwd(out mgs, user);
                if (isChange)
                {
                    return Request.CreateResponse(HttpStatusCode.OK, user);
                }
                else
                {
                    return Request.CreateErrorResponse(HttpStatusCode.NotFound, mgs);
                }
            }
            else
            {
                return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
            }
        }
    }
}
